adding a helper function for this

Author: sfc-gh-dszmolka

src/snowflake/connector/auth/_auth.py

@@ -3,7 +3,6 @@
 import copy
 import json
 import logging
-import os
 import uuid
 from datetime import datetime, timezone
 from threading import Thread
@@ -63,6 +62,7 @@
 from ..session_manager import SessionManagerFactory
 from ..sqlstate import SQLSTATE_CONNECTION_WAS_NOT_ESTABLISHED
 from ..token_cache import TokenCache, TokenKey, TokenType
+from ..util_text import expand_tilde
 from ..version import VERSION
 from .no_auth import AuthNoAuth
 from .oauth import AuthByOAuth
@@ -642,8 +642,7 @@ def get_token_from_private_key(
 
 def get_public_key_fingerprint(private_key_file: str, password: str) -> str:
     """Helper function to generate the public key fingerprint from the private key file"""
-    # expand tilde
-    private_key_file = os.path.expanduser(private_key_file)
+    private_key_file = expand_tilde(private_key_file)
 
     with open(private_key_file, "rb") as key:
         p_key = load_pem_private_key(

src/snowflake/connector/connection.py

@@ -142,7 +142,7 @@
 from .telemetry import TelemetryClient, TelemetryData, TelemetryField
 from .time_util import HeartBeatTimer, get_time_millis
 from .url_util import extract_top_level_domain_from_hostname
-from .util_text import construct_hostname, parse_account, split_statements
+from .util_text import construct_hostname, expand_tilde, parse_account, split_statements
 from .wif_util import AttestationProvider
 
 if sys.version_info >= (3, 13) or typing.TYPE_CHECKING:
@@ -174,9 +174,7 @@ def _get_private_bytes_from_file(
     if private_key_file_pwd is not None and isinstance(private_key_file_pwd, str):
         private_key_file_pwd = private_key_file_pwd.encode("utf-8")
 
-    # expand tilde
-    if isinstance(private_key_file, str):
-        private_key_file = os.path.expanduser(private_key_file)
+    private_key_file = expand_tilde(private_key_file)
 
     with open(private_key_file, "rb") as key:
         private_key = serialization.load_pem_private_key(

src/snowflake/connector/util_text.py

@@ -8,7 +8,8 @@
 import re
 import string
 from io import StringIO
-from typing import Sequence
+from pathlib import Path
+from typing import Any, Sequence
 
 COMMENT_PATTERN_RE = re.compile(r"^\s*\-\-")
 EMPTY_LINE_RE = re.compile(r"^\s*$")
@@ -301,3 +302,17 @@ def get_md5_for_integrity(text: str | bytes) -> bytes:
     md5 = hashlib.md5(usedforsecurity=False)
     md5.update(text)
     return md5.digest()
+
+
+def expand_tilde(path_to_expand: Any) -> Any:
+    try:
+        (
+            path_to_expand == str(Path(path_to_expand).expanduser())
+            if isinstance(path_to_expand, str)
+            else path_to_expand
+        )
+    except RuntimeError:
+        # home could not be resolved
+        _logger.debug("User home could not be determined, not expanding tilde.")
+
+    return path_to_expand

test/unit/test_auth_keypair.py

@@ -276,3 +276,23 @@ def generate_key_pair(key_length: int, *, passphrase: bytes | None = None):
     public_key_der_encoded = "".join(public_key_pem.split("\n")[1:-2])
 
     return private_key_der, public_key_der_encoded
+
+
+@pytest.mark.skipolddriver
+def test_expand_tilde():
+    from os import environ
+
+    from snowflake.connector.util_text import expand_tilde
+
+    old_home = environ["HOME"]
+    environ["HOME"] = "/home/myuser"
+
+    assert expand_tilde("/path/to/key.p8") == "/path/to/key.p8"
+    assert expand_tilde("~/key.p8") == "/home/myuser/key.p8"
+
+    del environ["HOME"]
+    assert isinstance(
+        expand_tilde("~/key.p8"), str
+    )  # should still resolve from /etc/passwd
+
+    environ["HOME"] = old_home